When a website is added to a blocklist by blocklist authorities it can be painfully stressful for their business. SEO rankings take a dive, and loss in revenue/traffic is hit even harder if not resolved quickly. In this article we’ll be discussing what blocklists are exactly, why you should consider them when starting a website, […]
Tag Archives: Website Security
WordPress 5.8.3 Security Release
On January 6th, Automattic released an important security update for the WordPress core which addresses four separate vulnerabilities. WordPress website administrators are advised to update their websites immediately. All WordPress versions between 3.7 and 5.8 are affected by this, and the security issues include SQL injection, stored XSS and object injection, which we will review […]
A Walk Through a Year of Website Security: Part II
Part I of our 2021 Security Walkthrough shows the initial 5 posts of our top 10. 6 – Vulnerable Plugin Exploited in Spam Redirect Campaign It was brought to our malware research team’s attention that a vulnerability was discovered in old, unpatched versions of the wp-user-avatar plugin. The type of vulnerability found is known as […]
A Walk Through a Year of Website Security: Part I
Over the last year, Sucuri has provided a wide array of posts in regards to how sites are infected, the types of attacks we’ve discovered, how to detect them, and how to prevent future infections with certain methods and tools. In this article we’ll discuss our top 10 posts involving website security, and what site […]
Most Interesting Vulnerabilities of 2021
As with most years, there’s been a wide array of critical vulnerabilities found within content management systems, plugins, API keys, etc. We’ll be recapping our discoveries and how these vulnerabilities were exploited, or potentially could have been. Adobe Patches Critical Magento Vulnerabilities This past year, Adobe released several critical security patches for both their commercial […]
How to Add SSL & Move WordPress from HTTP to HTTPS
Making sure your website uses HTTPS should be a top priority for any webmaster In fact, recent statistics show that over 42% of site administrators across the web use WordPress, and many of these sites still don’t have an SSL certificate installed. The Importance of SSL For the past several years, SSL has become increasingly […]
Critical Vulnerabilities in All in One SEO Plugin Affects Millions of WordPress Websites
Security Risk: High Exploitation Level: Easy CVSS Score: 9.9 / 7.7 Vulnerability: Privilege Escalation, SQL Injection Patched Version: 4.1.5.3 Last week, security researcher at Automattic Marc Montpas recently discovered two severe security vulnerabilities within one of the most popular SEO plugins used by WordPress website owners: All in One SEO. The plugin is used by […]
How to Find and Fix a WordPress Pharma Hack
Did you know that one quarter of all spam emails are accredited to pharmaceutical ads? Pharma hacks go beyond the inbox and spam websites by redirecting traffic and adding fake keywords and subdomains to the search results. Why, and how did the medical world get tangled up in spam emails, SEO spam, redirects, and website […]
Log4j Vulnerability: The Perfect Holiday Present that Nobody Wants
A critical server security vulnerability in the Java logging library Log4j is taking the internet by storm because code to actively exploit this vulnerability is already widely distributed across the web. Originally found on the popular game Minecraft, it has since been shown to affect most web servers running Apache along with its ubiquitous logging […]
How Malware Gets On Your Website
Almost since the Internet’s inception malware infections have kept pace to be the biggest nuisance a site owner experiences. With an ever growing amount of sites making up the World Wide Web, malware infections only become more common. In this article we’ll discuss what malware is, the various types we’ve come across, the methods used […]
